© 2017 IDERA, Inc. All rights reserved.
TACKLING KEY GDPR CHALLENGES WITH DATA MODELING AND GOVERNANCE
NOVEMBER 8TH, 2017
Sultan Shiffa
Senior Software Consultant, Enterprise Architecture & Modeling
Sultan.Shiffa@idera.com
AGENDA
• GDPR Overview
• Implications for organisations
  • Principles and conditions for personal data and its processing
  • Consent management
  • Individual rights
  • Privacy by design
  • Data security and breach notification
• IDERA’s Enterprise Data Architecture Solution
• Tackling GDPR challenges with EDA Solution
GDPR Overview
GDPR OVERVIEW
• Effective from 25th of May, 2018
• Replaces directives like the DPA and country data protection laws
• Applies to:
  • Personal data
  • Sensitive personal data
  • Global
• Fines of up to 20 million euros or 4% of annual worldwide turnover, whichever is greater
Implications for organisations
PRINCIPLES OF PROCESSING PERSONAL DATA UNDER GDPR – ARTICLE 5
• Processed lawfully, fairly and in a transparent manner in relation to individuals
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
• Accurate and, where necessary, kept up to date
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
• Processed ensuring appropriate security of the personal data
CONDITIONS FOR DATA PROCESSING
• Consent of the data subject
• Processing is necessary:
  • For the performance of a contract with the data subject, or to take steps to enter into a contract
  • For compliance with a legal obligation
  • To protect the vital interests of a data subject or another person
  • For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
CONSENT CHANGES UNDER GDPR – ARTICLE 6
• Consent must be freely given, specific, informed and unambiguous.
• Consent requires some form of clear affirmative action. Opt-out or silence does not constitute consent.
• Consent must be demonstrable. Some form of record must be kept of how and when consent was given.
• Individuals have the right to withdraw consent at any time.
• All current processing that relies on consent should be reviewed to ensure it meets the GDPR requirements.
NEW INDIVIDUAL RIGHTS UNDER GDPR
• The right to be informed – usually via privacy notices
• The right of access
• The right to rectification
• The right to erasure – also known as the right to be forgotten
• The right to restrict processing
• The right to data portability
• The right to object – includes profiling, direct marketing and processing for research
• Rights in relation to automated decision making and profiling
PRIVACY BY DESIGN UNDER GDPR AND DPIA
• Control exposure to personal data.
• Under the GDPR a DPIA is a legal requirement, and high-risk situations require consultation with the ICO.
• A DPIA at project start ensures privacy by design, compliance with legislation, and that systems are built with security from the outset and risks are managed.
• Better and cheaper solutions, as adding good security at a later date can be costly.
DATA BREACH NOTIFICATION UNDER GDPR
• GDPR introduces a duty on all organisations to report a personal data breach to the supervisory authority, and in some cases to the individuals affected.
• A personal data breach = destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
• Risky data breaches will need to be reported to supervisory authorities, and the individuals affected notified directly.
• Breach notification within 72 hours, and internally within the organisation.
• Failure to report a breach can also result in fines.
IDERA’s Enterprise Data Architecture Solution
IDERA’S ER/STUDIO ENABLES ENTERPRISE ARCHITECTURE
(Diagram: Enterprise Enablement spanning Business Architecture, Application Architecture, Technical Architecture and Data Architecture)
ER/STUDIO ENTERPRISE TEAM EDITION 2017
ER/STUDIO TEAM SERVER: ENTERPRISE COLLABORATION
Tackling GDPR challenges with EDA solution
ENTERPRISE DATA ARCHITECTURE VS. GDPR
TACKLING GDPR WITH ENTERPRISE DATA ARCHITECTURE
• Create and maintain awareness of GDPR compliance across the organization
• Understand the current data landscape for better GDPR compliance
• Check whether existing processes and procedures are current with respect to GDPR
• Review privileges and accountabilities for data and its flow
• Document individual rights
• Security management and data breach notification
• Data governance, collaboration and data protection impact assessment
CREATE AWARENESS
UNDERSTAND THE DATA LANDSCAPE
UNDERSTAND THE DATA LANDSCAPE WITH SILWOOD’S SAFYR – IDENTIFY, DESCRIBE & CATALOG APPLICATION METADATA
(Diagram: metadata extraction from SAP, S/4HANA, SAP BW; Salesforce; Oracle E-Business Suite; Siebel; PeopleSoft; JD Edwards; MS Dynamics AX; and other packaged applications, followed by search, filter and scope; analyse, visualise and compare; create report and results)
• Fast software-driven access to ERP and CRM metadata
• Accurate and includes customisations
• Intuitive analysis
• Share results
• Broader reach of solution
• Differentiator / Equaliser
• Accelerate sales / overcome objections about CRM/ERP
CHECK EXISTING PROCESSES AND PROCEDURES WITH ER/STUDIO BUSINESS ARCHITECT
REVIEW DATA PRIVILEGES AND ACCOUNTABILITIES
REVIEW DATA PRIVILEGES AND ACCOUNTABILITIES WITH ER/STUDIO DATA LINEAGE AND ER/ETL
DOCUMENT AND MANAGE INDIVIDUAL RIGHTS
SECURITY MANAGEMENT AND BREACH NOTIFICATION WITH ER/STUDIO DATA ARCHITECT
SECURITY MANAGEMENT AND BREACH NOTIFICATION WITH ER/STUDIO BUSINESS ARCHITECT
DATA GOVERNANCE, COLLABORATION, DPIA
SUMMARY – ER/STUDIO ENTERPRISE EDITION VS. GDPR
• It meets data privacy and industry compliance by design and by default.
• Leveraging integrated process and data modeling tools helps to set up data governance and to create awareness of GDPR, its rules and its business impact.
• It helps to discover existing systems, processes and new projects, and to keep data fields in line with the GDPR rules.
• It gives organizations visibility into the applications, databases and processing activities that hold information critical for GDPR compliance.
• It serves as a collaboration platform for sharing information about different applications and systems across the organization.
• It helps to document, and encourages discussion of, how the organization is complying with GDPR legislation, both internally and with external regulators in case of an audit.
THANKS!
Any questions?
You can find me at:
Sultan.Shiffa@idera.com

Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
